CN108604187A - The deploying virtual machine of trustship - Google Patents

The deploying virtual machine of trustship Download PDF

Info

Publication number
CN108604187A
CN108604187A CN201780009368.6A CN201780009368A CN108604187A CN 108604187 A CN108604187 A CN 108604187A CN 201780009368 A CN201780009368 A CN 201780009368A CN 108604187 A CN108604187 A CN 108604187A
Authority
CN
China
Prior art keywords
virtual machine
client device
hypervisor
component
installed
Prior art date
Application number
CN201780009368.6A
Other languages
Chinese (zh)
Inventor
A·M·哈代
A·S·雷科夫斯基
Original Assignee
安维智有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US15/019,193 priority Critical patent/US10255092B2/en
Priority to US15/019,193 priority
Application filed by 安维智有限公司 filed Critical 安维智有限公司
Priority to PCT/US2017/017207 priority patent/WO2017139476A1/en
Publication of CN108604187A publication Critical patent/CN108604187A/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances

Abstract

System may include computer instruction, and computing device can be made to obtain the request for representing user's access application.The request can be obtained from client device associated with the user.Computer instruction can also make computing device determine the need for client device execution virtual machine, executing application.Computer instruction can also make whether computing device identification virtual machine is installed in client device.Computer instruction can also make computing device that virtual machine be made to be installed in client device.

Description

The deploying virtual machine of trustship

Cross reference to related applications

This application claims entitled " deploying virtual machine (the MANAGED VIRTUAL of trustship submitted on 2 9th, 2016 MACHINE DEPLOYMENT) " U.S. Non-provisional Patent application No.15/019,193 equity, entire contents are by drawing With being incorporated herein.

Background technology

In corporate environment, user is commonly accorded a computing device.Some enterprises allow of the user using them People's equipment accesses business data and application program.Enterprise can be based on user role or enterprise in group in member identities To determine each user can access which data or application program.

Some enterprises can make application program be based on browser, so that user can execute spy by web browser Determine application program and interacts.In these scenes, enterprise can prevent user from accessing the application program based on browser, directly It has been based on until username and password verifies user to enterprise.

Enterprise can also be provided to special or common application repository access, can make to apply journey by downloading Sequence is available.User can download the installation kit of application program from repository, install application program, then execute and answer on their device Use program.In order to allow user to download installation kit from repository, enterprise can require user to pass through enterprise mobility management (EMM) System registry equipment.EMM systems can enforce conjunction rule rule and policy, with ensure the equipment of user meet certain information and Data safety demand.Due to may exist various types of prerequisites to access enterprise application, user may not Wish that by facility registration be trustship equipment, except non-user is accessing the application program needed to EMM system registries.

Description of the drawings

Many aspects of the disclosure may be better understood with reference to the following drawings.Component in attached drawing is painted not necessarily to scale System, but focus on the principle for being clearly shown the disclosure.Moreover, in the accompanying drawings, running through several views, identical reference numeral Indicate corresponding part.

Fig. 1 is the exemplary figure of networked environment.

Fig. 2A -2B are the examples of the user interface presented by client device.

Fig. 3 A-3B show the exemplary sequence chart for illustrating component interaction.

Fig. 4 and Fig. 5 A to Fig. 5 C are the exemplary flow charts for the function of showing to be realized by management service.

Fig. 6 to Fig. 8 is the exemplary flow chart for the function of showing to be realized by Host Administration component.

Fig. 9 to Figure 12 is the exemplary flow chart for the function of showing to be realized by hypervisor.

Specific implementation mode

This disclosure relates to can be by the deployment and configuration of the virtual machine on the client device of service for business management management. In one example, user may want to use and cannot locally be held by the host operating system in the client device of user Capable application program.Although host operating system is unable to executing application, in order to provide a user the visit to application program It asks, monitoring and control the management service of the client device of user can create and provide virtual machine to client device, can Emulate the execution for the application program asked by user.In addition, management service can install other assemblies, such as hypervisor (hypervisor) and managing caller component it, can be required to execute and the activity of supervision application program.In addition, management clothes Business can make virtual machine and be executed with the pattern for hiding the console of virtual machine, and hypervisor is performed application program Generate user interface so that application program seems to be locally executed by host operating system.Therefore, it is by leading that user, which can access not, The application program that machine operating system executes, and the application program seems the application program and has installed simultaneously for users It is executed by the host operating system in user equipment.

In the following discussion, it is the example of the operation of these systems later by the system of description and its example of component.

Referring to Fig.1, the example of networked environment 100 is shown.Networked environment 100 may include by network 109 into line number According to the enterprise computing environment 103 and client device 106 of communication.Network 109 may include internet, one or more inline Times of net, extranet, wide area network (WAN), LAN (LAN), cable network, wireless network or two or more this networks What is combined.Network 109 may include satellite network, cable network, Ethernet, cellular network and telephone network.

Enterprise computing environment 103 can be the calculating runed by one or more enterprises (such as company or its hetero-organization) System.Enterprise computing environment 103 may include that can provide the computing device of computing capability, such as server computer.It is optional Ground, enterprise computing environment 103 may include that the multiple calculating for being arranged in one or more server libraries or calculating in hangar are set It is standby.Such as wherein enterprise computing environment 103 includes multiple computing devices, which can be located in single installation, or The computing device can be distributed in multiple and different geographical locations.

In some instances, enterprise computing environment 103 may include that trustship computing resource or grid computing money is collectively formed The computing device in source.In other examples, enterprise computing environment 103 can be operated as elastic calculation resource, for elasticity The capacity of calculating related resource (such as process resource, the Internet resources and storage resource) distribution of computing resource can be with the time And change.In other examples, enterprise computing environment 103 may include or to be operating as one or more virtual machines real Example, can be executed to perform functions described herein.

Enterprise computing environment 103 may include various systems.For example, enterprise computing environment 103 may include management service 113, it can monitor and manage the operation of client device associated with the operation enterprise of enterprise computing environment 103 106. In some examples, management service 113 can be registered in the mobile device management service provided by management service 113 with supervision and oversight In multiple client equipment 106 operation.Management service 113 can also be provided to client device 106 to Email, day Count the access of evidence, associated person information and other resources associated with enterprise one by one.

Enterprise computing environment 103 can also include directory service 116.Directory service 116 can be authenticated simultaneously user Which specific corporate resources of user's Internet access determined.Directory service 116, which can also manage, accesses enterprise computing environment 103 The voucher of the user of resource, such as username and password.In some instances, directory service 116 may include Microsoft Active mesh Record (MICROSOFT ACTIVE DIRECTORY) directory service.

Enterprise computing environment 103 can also include that business data stores 119.Business data storage 119 can represent networking The addressable multiple business data of component in environment 100 store 119.Business data storage 119 can store and enterprise calculation The associated various data of environment 103.For example, business data storage 119 can store user data 123 and close rule rule 126.

The user data 123 being stored in business data storage 119 may include indicating and being associated with enterprise computing environment The data of the 103 corresponding information of user.For example, user data 123 can specify specific user's Internet access, which is specific Resource (such as data and application program).In some instances, user data 123 can with role of the designated user in enterprise, Such as post or the affiliated service groups of user.

Various conjunctions rule 126 can be distributed to each client device 106 by management service 113.Closing rule rule 126 can It is considered meeting closing one or more conditions of rule rule 126 to specify such as client device 106 must satisfy.Each In kind example, both enterprise computing environment 103, client device 106 or enterprise computing environment 103 and client device 106 It can determine whether client device 106 meets conjunction rule rule 126.For example, client device 106 can generate description client The data object of the state of end equipment 106 and associated information, setting and parameter.Client device 106 or management service Component in 113 can assess data object and advise rule 126 to determine whether client device 106 meets corresponding close.

In one example, closing rule rule 126 can specify application-specific to be prohibited to be mounted on client device 106 In.As another example, home can be must be positioned at given client end equipment 106 by closing rule rule 126, such as operate enterprise The office space (premises) of the enterprise of computing environment 103, so that client device 106 is authorized to or presents client Content in equipment 106.In another example, closing rule rule 126 can specify when client device 106 " is slept from low-power It is required to generate screen locking when dormancy " state " wake-up ", and user needs password to unlock screen locking.

Various conjunction rule rules 126 can be based on time, geographical location or equipment and network property.For example, when client is set When being located in specific geographic position for 106, client device 106 can meet conjunction rule rule 126.In other examples, work as visitor When family end equipment 106 is communicated with specific local network (specific local network such as managed by enterprise computing environment 103), client is set Standby 106 can meet conjunction rule rule 126.In addition, in another example, can meet when time and date matches designated value and close Rule rule 126.

Another example for closing rule rule 126 is related to whether user belongs to specific user group.For example, closing rule rule 126 May include that specific application journey is such as installed or executed to specified specific user or whether authorized perform various functions of user group ( Sequence) white list or blacklist.

In some instances, enterprise can be with operational administrative service 113 to ensure that the client device 106 of its user meets respectively From conjunction rule rule 126.It is operated by ensuring the client device 106 of its user according to rule rule 126 is closed, enterprise can be with Control the access to resource and so as to improve the safety of equipment associated with the user of enterprise and client device 106.

Client device 106 can represent the multiple client equipment 106 for maying be coupled to network 109.Client device 106 may include processor-based computer system, such as desktop computer, laptop computer, personal digital assistant, hand Machine or tablet computer.

Client device 106 may include host operating system 136, Host Administration component 139 and virtual machine performing environment 143.Host operating system 136 can be with the hardware and software resource in managing customer end equipment 106.Host operating system 136 is also Various services can be provided, can such as assist the various assemblies in client device 106 communicate with one another with shared data into Communication service between journey.

Host Administration component 139 can monitor activity and setting in client device 106, including virtual machine performing environment Activity in 143 and setting, and determine whether client device 106 meets the conjunction rule rule for distributing to client device 106 126.In some instances, Host Administration component 139 can parse the data pair of the state and setting of description client device 106 As to determine whether client device 106 closes rule.In other examples, Host Administration component 139 can be with management service 113 Communication is to determine whether management service 113 thinks that client device 106 meets conjunction rule rule 126.Host Administration component 139 may be used also To be communicated with the various assemblies (component in such as virtual machine performing environment 143) in client device 106.

Virtual machine performing environment 143 can be that one or more virtual machines 146 are held wherein in client device 106 Capable environment.In some instances, virtual machine performing environment 143 can be the environment of containerization.In this regard, client Equipment 106 can forbid at least some data to be transferred into and out virtual machine performing environment 143.In this way, virtual machine executes The operation of component in environment 143 can be divided and separated with the other assemblies in client device 106.

Virtual machine performing environment 143 may include hypervisor 149 and virtual machine 146.Virtual machine 146 can be imitative The Virtualization Computer example of the operation of the component of true physical computer.Virtual machine 146 can be by 149 example of hypervisor Change and executes.Hypervisor 149 can also monitor the operation of virtual machine 146 and be taken to Host Administration component 139 or management Business 113 provides status information.

In some instances, it is one or more that hypervisor 149, which can be by providing containerization environment, Virtual machine 146 provides the application program for executing platform, in the containerization environment, only when meeting various conjunction rule rule 126, Just data is allowed to be sent to guest operating system and from guest operating system transmission data.Hypervisor 149 can be with The packet (such as disk image file) for virtual machine 146 is obtained, and installs or assembles the packet thus to create virtual machine 146.The user interface for guest operating system can also be presented for hypervisor 149 and so that user interface passes through host User interface in operating system 136 is shown.In addition, hypervisor 149 can be intercepted from guest operating system or visitor The hardware that application program is made calls, and potentially changes or explain these calling, and calling is relayed to host operating system 136 Kernel.Hypervisor 149 is also based on the availability of management or the instruction of host operating system 136 and host resource To control and distribute the system resource for being used for virtual machine 146.Hypervisor 149 can function as virtual machine 146 and virtual The communication interface between component except machine performing environment 143.

In some instances, hypervisor 149 can with so that the component executed in virtual machine 146 seem by Pattern that host operating system 136 locally executes executes.For example, hypervisor 149 can be hidden for virtual machine 146 Console user interface.In addition, hypervisor 149 can make the component in virtual machine 146 user interface use by Format used in the user interface that host operating system 136 is locally presented and style are presented.

Virtual machine 146 may include that guest operating system 151 and the other assemblies in virtual machine 146 (such as are answered With program).Guest operating system 151 can manage the simulation hardware and software resource of virtual machine 146.Guest operating system 151 Various services can also be provided, can such as assist leading between the process that the various virtualisation components in virtual machine 146 communicate with one another Telecommunications services.

Managing caller component 153 can monitor activity and setting in virtual machine 146.In some instances, managing caller Component 153 can parse the data object of the state and setting of description virtual machine 146, to determine whether virtual machine 146 closes rule. In other examples, managing caller component 153 can be communicated with management service 113 to determine whether management service 113 thinks virtual Machine 146 meets conjunction rule rule 126.Managing caller component 153 can also be communicated with the various assemblies in client device 106, all Such as hypervisor 149 and Host Administration component 139.

As shown in Figure 1, Host Administration component 139 may include Virtual Machine Management Service device 156, may include virtual machine Manage data storage 159.Virtual Machine Management Service device 156 can be configured as the sheet that can be communicated with hypervisor 149 Ground server.For this purpose, when to Virtual Machine Management Service device 156 send message when, Virtual Machine Management Service device 156 can with it is super The Internet protocol address (IP) and port numbers that management program 149 can use are associated.In some instances, it is described herein as At least some functions of being executed by Virtual Machine Management Service device 156 are alternatively executed by hypervisor 149.

Virtual Machine Manager data storage 159 can with storage virtual machine packet 163 and virtual machine configuration (profile) 166, It can be used for hypervisor 149 by Virtual Machine Management Service device 156.Virtual machine packet 163 may include one or more Multiple files, hypervisor 149 can be extracted and execute these files to create in virtual machine 146 and virtual machine 146 Component, such as guest operating system 151, managing caller component 153 and application program.In some instances, virtual machine packet 163 can To include virtual disk files, configuration file, basic input/output (BIOS) file, memory file and record file. Virtual machine packet 163 may include the disk image that can be installed by hypervisor 149.

Virtual machine configuration 166 can specify the configuration information and restrictive condition for virtual machine 146.For example, virtual Machine configuration file 166 can be denied access the storage device of attachment with designated virtual machine 146, can such as be attached to client and set Standby 106 universal serial bus (USB) driver.Another example of virtual machine configuration 166 can be appointed as virtual machine 146 create specific Virtual Private Network (VPN) so that virtual machine 146 can safely be led to enterprise computing environment 103 Letter.As another example, virtual machine configuration 166 can be arranged virtual with the due date of designated virtual machine 146 Machine 146 is no longer allowed to the time being present in client device 106.

Next, the example of the operation of description networked environment 100.Following discussion assumes that Host Administration component 139 is objective It is executed in family end equipment 106, and client device 106 is registered to management service 113 so that management service 113 can supervise Depending on the activity in managing customer end equipment 106.Following example it is also supposed that virtual machine performing environment 143 not yet in client device It is created in 106.

First, management service 113 can provide or assist the access to repository, pass through repository client device 106 Application program can be obtained.For example, management service 113 can create portal, the user of client device 106 can pass through the door Family checks that management service 113 has determined as the list for being authorized to the application program used for client device 106.Management service 113 to the available application-specific of user so that may depend on role of the user in enterprise, such as by being stored in enterprise's number According to the service groups belonging to the academic title or user indicated by the user data 123 in storage 119.For example, if user is enterprise Accountant, then management service 113 can enable accounting application program that user is used.

If user asks to access application-specific, management service 113 or Host Administration component 139 can be determined that It is no that client device 106 is needed to carry out executing application using virtual machine 146.Management service 113 can be determined due to various originals Cause needs client device 106 to carry out executing application using virtual machine 146.For example, distributing to the conjunction of client device 106 Rule rule 126, which can specify, needs user by virtual machine 146 come executing application.As another example, management service 113 It can determine since application program and the host operating system 136 in client device 106 are incompatible, it is therefore desirable to virtual machine 146 execute the application program.Management service 113 can for example, by by the list of the compatible operating system of the application program with Host operating system 136 is compared to determine whether the application program is compatible with client device 106, host operating system 136 can specify in data object, which is generated and provided to management service 113 by Host Administration component 139.

Once the determination of management service 113 needs client device 106 by 146 executing application of virtual machine, then manage Service 113 can determine whether compatible virtual machine 146 is already installed in client device 106.For this purpose, management service 113 The data object for the component installed in given client end equipment 106 can be obtained from Host Administration component 139.In another example In, management service 113, which can be provided compatible virtual machine 146 with requesting host management assembly 139 and whether be installed in client, to be set Instruction in standby 106.

If virtual machine 146 is installed in client device 106, management service 113 can determine that virtual machine 146 is It is no compatible with the application program of user's selection.It is somebody's turn to do in addition, management service 113 can determine whether virtual machine 146 is authorized to execute Application program.For this purpose, management service 113 can determine hypervisor 149 title and version number whether with the application Program compatibility simultaneously be authorized to execute the application program virtual machine 146 list in, the title of the hypervisor 149 and Version number is as indicated by the data object of the component by being installed in given client end equipment 106.

If management service 113 determines that virtual machine 146 is not installed in client device 106, management service 113 can To determine whether hypervisor 149 is already installed in client device 106.It is retouched for this purpose, management service 113 can parse The data object or management service 113 for stating the component in client device 106 can be with requesting host management assemblies Whether 139 offer hypervisors 149 are installed in the instruction in client device 106.

If hypervisor 149 is installed in client device 106, management service 113 can determine super Whether management program 149 is authorized to instantiation, executes and manage virtual machine 146.In some instances, management service 113 can be with It determines whether the title of hypervisor 149 and version number are located at be authorized to instantiation, execute and manage the super of virtual machine 146 In the list of grade management program 149, the title of the hypervisor 149 and version number are such as by describing to set mounted on client Indicated by the data object of component in standby 106.

In addition, management service 113 can also determine whether hypervisor 149 is compatible with virtual machine 146.For this purpose, pipe Reason service 113 can determine whether the title of hypervisor 149 and version number are located at the super pipe compatible with virtual machine 146 In the list for managing program 149, the title of the hypervisor 149 and version number are such as by specifying in client device 106 Indicated by the data object of the component of installation.

If the hypervisor 149 authorized is not installed in client device 106, management service 113 can be to Host Administration component 139 provides the installation kit for hypervisor 149.For example, management service 113 can send out installation kit It is sent to Host Administration component 139 and indicates that Host Administration component 139 executes installation kit.In another example, management service 113 It can indicate that Host Administration component 139 retrieves installation kit from specified storage location, and indicate that Host Administration component 139 executes Installation kit, to install hypervisor 149.

Once hypervisor 149 is installed in client device 106, management service 113 can be set to client Standby 106 offer user accesses the virtual machine 146 needed for requested application program.In some instances, management service 113 can be with Create and store several virtual machine packets 163 of various configurations.For example, management service 113 can generate multiple virtual machine packets 163, When it is mounted in client device 106, various computer systems are emulated or including various guest operating systems 151.At it In his example, management service 113 can ask access application in response to user and generate the virtual machine for virtual machine 146 Packet 163.For example, if application program needs certain types of guest operating system 151 and virtual machine 146, management service 113 Virtual machine packet 163 can be generated, when being installed by client device 106, generating has specified guest operating system 151 Virtual machine 146.In some instances, virtual machine packet 163 may include file and data so that when virtual machine packet 163 is by super When management program 149 is installed, application program and managing caller component 153 are already installed in virtual machine 146.

Other than creating for client device 106 or selecting virtual machine packet 163, management service 113 can also be virtual Machine 146 generates or selection virtual machine configuration 166.As described above, virtual machine configuration 166 can be with designated virtual machine 146 Configuration information and restrictive condition.Management service 113 can based on distribute to client device 106 conjunction advise rule 126 come really Determine the specific limitation of virtual machine configuration 166.For example, if close the regular 126 given client end equipments 106 of rule be not allowed to through By USB port access be attached to client device 106 equipment, then virtual machine configuration 166 can for example by configure with 151 associated BIOS of guest operating system makes the virtual USB port of virtual machine 146 disabled to forbid virtual machine 146 to pass through The equipment for being attached to client device 106 is accessed by USB port.

Once management service 113, which has been client device 106, creates or has selected virtual machine packet 163 and virtual machine configuration Virtual machine packet 163 and virtual machine configuration 166 can be supplied to Host Administration component by file 166, management service 113 139.In one example, virtual machine packet 163 and virtual machine configuration 166 can be aggregated into management clothes by management service 113 Business 113 can be sent to the single packet of Host Administration component 139.In other examples, management service 113 can be by virtual machine packet 163 and virtual machine configuration 166 be stored in business data storage 119, and indicate Host Administration component 139 from enterprise's number According to retrieval virtual machine packet 163 and virtual machine configuration 166 in storage 119.It is stored from business data in Host Administration component 139 In the example for retrieving virtual machine packet 163 and virtual machine configuration 166 in 119, management service 113 can be to Host Administration component 139 provide the information of the particular memory location of designated virtual machine packet 163 and virtual machine configuration 166.

Once Host Administration component 139 obtains virtual machine packet 163 and virtual machine configuration 166, Host Administration component 139 Virtual machine packet 163 and virtual machine configuration 166 can be stored in the Virtual Machine Manager number of Virtual Machine Management Service device 156 According in storage 159.Management service 113 is carried virtual machine packet 163 and virtual machine configuration 166 as packet (package) Supply the example of Host Administration component 139, Host Administration component 139 can be by virtual machine packet 163 and virtual machine configuration 166 be stored in Virtual Machine Manager data storage 159 in before extract the packet.

It is already stored at it in Virtual Machine Manager data storage 159 in virtual machine packet 163 and virtual machine configuration 166 Afterwards, Host Administration component 139 can indicate that virtual machine packet 163 and virtual machine configuration text are retrieved and installed to hypervisor 149 Part 166.For this purpose, Host Administration component 139 can send order to install virtual machine packet 163 and void to hypervisor 149 Quasi- machine configuration file 166, and the order can be with the position of designated virtual machine packet 163 and virtual machine configuration 166.At some In example, the position of virtual machine packet 163 and virtual machine configuration 166 can be designated as IP address and port numbers.

When hypervisor 149 receives the instruction of installation virtual machine packet 163 and virtual machine configuration 166, surpass Grade management program 149 can retrieve virtual machine packet 163 and virtual machine configuration 166 from Virtual Machine Management Service device 156.Then Hypervisor 149 can install virtual machine packet 163, and it includes visitor's operation to cause to create in virtual machine performing environment 143 The virtual machine 146 of system 151.In some instances, virtual machine packet 163 may include disk image, and install virtual machine packet 163 may include installation or assembly virtual machine packet 163.Hypervisor 149 can also install virtual machine configuration 166, It can specify hypervisor 149 that can disobey the limitation that virtual machine 146 enforces.In some instances, virtual machine Configuration file 166 may be mounted in the configuration file library of guest operating system 151, cause guest operating system 151 according to The configuration specified in virtual machine configuration 166 is operated.

After virtual machine 146 is mounted in client device 106, it may be necessary to by virtual machine 146 and directory service It is bound in domain in 116 so that virtual machine 147 can access resource associated with enterprise computing environment 103.The domain can be with It is the subregion of such as enterprise network, wherein resource (such as user account and client device 106) is registered to by enterprise calculation In the database that the domain controller of environment 103 is safeguarded.In order to bind the binding of virtual machine 146 with domain, management service 113 can To collect the information of description virtual machine 146, it is then based on the information and represents virtual machine 146 and create domain pair in directory service 116 As.In response to the field object created, numeric field data object can be returned to management service by the domain controller of directory service 116 113.Then numeric field data object can be transferred to the guest operating system 151 of virtual machine 146 by management service 113.Once visitor Operating system 151 has obtained numeric field data object, and guest operating system 151 can execute offline domain and be added function, such as with In the djoin.exe orders of WINDOWS operating systems, wherein numeric field data object is the parameter of the function.As a result, virtual machine 146 can be bound to the domain in directory service 116.

When hypervisor 149 has completed the installation of virtual machine 146, hypervisor 149 can notify to lead The completion of 139 this task of machine management assembly.Later, managing caller component 153 can be mounted on virtual machine by client device 106 In 146.Note that in some instances, managing caller component 153 can have been installed in virtual machine 146, in such case Example in, the installation of virtual machine packet 163 includes the installation file for leading to install managing caller component 153.

Managing caller component 153 can be mounted in virtual machine 146 by client device 106 in various ways.At one In example, Host Administration component 139 can store the installation kit of retrieval managing caller component 153 in 119 from business data, then It is supplied to hypervisor 149, hypervisor 149 that there is the instruction for executing installation kit the installation kit.At another In example, Host Administration component 139 can provide order to hypervisor 149, to be visited from 119 retrieval of business data storage The installation kit of objective management assembly 153.In some instances, which is used to retrieve the installation kit of managing caller component 153 and refers to Determine the storage location of installation kit.

Once hypervisor 149 has been obtained for the installation kit of managing caller component 153, then hypervisor Installation kit can be supplied to the guest operating system 151 of virtual machine 146 and indicate that the installation of guest operating system 151 is visited by 149 Objective management assembly 153.When being mounted with managing caller component 153, managing caller component 153 can be registered to management service 113 Virtual machine 146, and from management service 113 obtain virtual machine 146 conjunction rule rule 126.Then managing caller component 153 can be with base The activity in virtual machine 146 is monitored and controls in closing rule rule 126.

In some instances, managing caller component 153 can be communicated by hypervisor 149 with management service 113. For example, the message from managing caller component 153 can be supplied to hypervisor 149 by guest operating system 151, it can Management service 113 is routed messages to the virtual interface by network 109.Hypervisor 149 can be by virtually connecing Mouth receives message from management service 113, is then supplied to guest operating system 151 to be transmitted to visitor received message Management assembly 153.

In other examples, Host Administration component 139 can be for managing caller component 153 and management service 113 it Between communication interface.For example, the message from managing caller component 153 can be routed to host by hypervisor 149 Management assembly 139.When receiving the message from managing caller component 153, Host Administration component 139 can pass through network 109 forward that message to management service 113.Managing caller is sent to when Host Administration component 139 is received from management service 113 When the message of component 153, Host Administration component 139 can provide messages to hypervisor 149, then super management journey Sequence 149 can forward messages to managing caller component 153.Therefore, as described above, in the various examples, managing caller component 153 can be communicated by Host Administration component 139 with management service 113.

As described above, in some instances, virtual machine packet 163 may include installation file, when virtual machine packet 163 is performed When, the installation file makes the application program that user asks be installed in virtual machine 146.In other examples, virtual After machine 146 has been installed in client device 106, requested application program can be installed in virtual machine 146. In these examples, the various assemblies in client device 106 can be such that application program is mounted in virtual machine 146.

In one example, Host Administration component 139 can retrieve the installation text of the application program from management service 113 Part.Once receiving installation file, which can be supplied to hypervisor 149 simultaneously by Host Administration component 139 And instruction hypervisor 149 executes the installation file, to which application program is mounted in virtual machine 146.At another In example, Host Administration component 139 or management service 113 can ask hypervisor 149 to be retrieved from particular memory location Installation file simultaneously executes the installation file.In another example, managing caller component 153 can retrieve the peace of the application program File is filled, and the application program is installed by making guest operating system 151 execute the installation file that retrieves.

Once application program is mounted in virtual machine 146, then management service 113 can indicate hypervisor 149 So that the component executed in virtual machine 146 seems that the pattern locally executed by host operating system 136 operates.For example, Hypervisor 149 can hide the console user interface of virtual machine 146 and make the use of the component in virtual machine 146 Family interface uses format and style used in the user interface presented by host operating system 136 to present.In this way, it uses Application program can be experienced and be operated in family, just look like that it is locally executed by host operating system 136 equally, even if it is actually It is performed by the emulation in virtual machine performing environment 143.

With reference to figure 2A, the user interface that can be encoded by management service 113 and be presented by client device 106 is shown 203 example.Shown user interface 203 includes the list 206 of application program, and management service 113 has been determined as The user of client device 106 may have access to.As discussed above, management service 113 can be according to role of the user in enterprise Enable application-specific that user is used.The role of user can illustrate by the service groups belonging to academic title or user, can be with It is indicated by the user data 123 being stored in business data storage 119.

With reference to Fig. 2 B, show that the user in client device 106 has selected for management service 113 and determined Pass through the example of user interface 203 after 146 addressable application program of virtual machine for user.As discussed above, it distributes to The conjunction rule rule 126 of client device 106, which can specify, needs user by virtual machine 146 come executing application.As another One example, since application program and the host operating system 136 in client device 106 are incompatible, client device 106 Virtual machine 146 can be required to execute the application program.

The application program of virtual machine 146 is needed in response to user's selection, user interface 203, which can provide, indicates that this applies journey What sequence needed virtual machine 146 notifies 209.Notifying 209 can notify subscriber management service 113 just in the client device of user Installation virtual machine 146 is initiated in 106.

With reference to figure 3A to Fig. 3 B, the exemplary sequence chart for the interaction for illustrating the component in networked environment 100 is shown.Fig. 3 A Sequence chart to Fig. 3 B elaborates so that virtual machine 146 is installed in the example of the management service 113 in client device 106.

Since step 303, management service 113 can generate the packet of Host Administration component 139, may include virtual machine Packet 163 and virtual machine configuration 166.In some instances, the packet of generation may include that the equipment of Host Administration component 139 is matched It sets file or is specific in the form of the device configuration file of Host Administration component 139.

In step 306, management service 113 can notify 139 management service 113 of Host Administration component to create the packet And indicate that Host Administration component 139 retrieves the packet.In other examples, packet can be pushed to host pipe by management service 113 Manage component 139.As depicted at step 309, then Host Administration component 139 can retrieve the packet from management service 113.

Once Host Administration component 139 retrieves the packet, Host Administration component 139 can be extracted from the packet retrieved Virtual machine packet 163 and virtual machine configuration 166, as shown in step 313, and by virtual machine packet 163 and virtual machine configuration 166 are stored in the Virtual Machine Management Service device 156 being present in client device 106.In step 316, Host Administration component 139 can notify 149 Host Administration component 139 of hypervisor to have been obtained for virtual machine packet 163 and virtual machine configuration text Part 166 and indicate hypervisor 149 from Virtual Machine Management Service device 156 retrieve these resources.As described above, host pipe Reason component 139 with can providing the IP of the Virtual Machine Management Service device 156 of hypervisor 149 to hypervisor 149 Location and port numbers, to obtain virtual machine packet 163 and virtual machine configuration 166.

As depicted at step 319, hypervisor 149 can retrieve virtual machine packet 163 from Virtual Machine Management Service device 156 With virtual machine configuration 166.In step 323, hypervisor 149 can install virtual machine packet, can cause in void Virtual machine 146 is created in quasi- machine performing environment 143.

In addition, as shown at step 326, hypervisor 149 can install virtual machine configuration 166.As described above, Virtual machine configuration 166 can be with the configuration information and restrictive condition of designated virtual machine 146.For example, virtual machine configuration 166 It can specify hypervisor 149 that must destroy virtual machine 146 at the appointed time.Hypervisor 149 can pass through Such as the file of deleted representation virtual machine 146 destroys virtual machine 146.

In step 329, as shown in Figure 3B, then Host Administration component 139 can be provided to hypervisor 149 refers to It enables, so that managing caller component 153 is installed in virtual machine 146.As shown in step 333, hypervisor 149 is right Received instruction can be supplied to guest operating system 151 afterwards.In response, guest operating system 151 can be installed Managing caller component 153.

Once managing caller component 153 is installed in virtual machine 146, managing caller component 153 can notify management to take 113 installations of business, as indicated in a step 336.In some instances, which can pass through hypervisor 149 and host pipe Component 139 is managed to send.In other examples, which can be sent without being relayed by Host Administration component 139.

When management service 113 is notified the installation of managing caller component 153, management service 113 can be to management service 113 register the managing caller component 153.For this purpose, management service 113 can use voucher (such as username and password) certification visitor The user of family end equipment 106.In addition, managing caller component 153 can be registered as virtual machine 146 by guest operating system 151 Equipment manager.

As shown in step 339, then management service 113 can send order to install application to managing caller component 153 Program.Application program can be that the user of client device 106 asks the application program accessed.In some instances, management clothes Business 113 can send notifications directly to managing caller component 153 by network 109.In other examples, management service 113 Host Administration component 139 can be sent commands to, then Host Administration component 139 can forward the command to managing caller group Part 153.

As shown in step 343, after the order for receiving installation application program, managing caller component 153 can retrieve this The installation kit of application program.For this purpose, management service 113 can specify managing caller component 153 that can download depositing for the installation kit Storage space is set.In other examples, Host Administration component 139 can download installation kit and the installation kit is supplied to managing caller group Part 153.In alternative exemplary, guest operating system 151 can retrieve installation kit.

After managing caller component 153 has obtained the installation kit of application program, managing caller component 153 can make visit Application program is mounted in virtual machine 146 by objective operating system 151, as shown in step 346.For this purpose, managing caller component 153 can To ask guest operating system 151 to execute installation kit, to which the application program is mounted in virtual machine 146.For example, visitor manages Reason component 153 installation kit can be supplied to guest operating system 151 and indicate guest operating system 151 execute installation kit with Application program is installed.In addition, managing caller component 153 can configure installed application program.For example, managing caller component 153 can be that application program application configuration strategy and modification are arranged, and such as be configured specific to the Virtual Private Network of application program File.Later, which can terminate.

With reference to Fig. 4, the exemplary flow chart for the part operation that management service 113 is provided is shown.Particularly, Fig. 4 is carried The example of user interface, such as user interface for the portal of Application Repository, identification are generated for management service 113 Management service 113 authorizes the application program accessed.The flow chart of Fig. 4 can be counted as depicting in enterprise computing environment 103 The example of the method for realization.

Since step 403, management service 113 can obtain the request of certification user.The request of certification user can be with source From the user interface 203 of user's input authentication voucher.In step 406, whether management service 113 can determine user based on request It can be certified.User can be authenticated based on such as username and password or biological data.If user cannot be certified, Then the process can advance to end.In some cases, it can be possible to which mistake is presented in user interface 203, instruction user cannot It is certified or user can start another and attempt to carry out the his or her user credential of certification.

If user is certified in step 406, which can advance to step 409, in step 409, management service 113 can identify application program associated with the user data 123 of 106 user of client device.In some instances, with Record in user data 123 can be the member of specific group with designated user, and the list of the specific group and application-specific It is associated.The list of application program may include the application program that can be installed and locally execute in client device 106, can With the application program that is executed by browser and can be by the virtual machine 146 in client device 106 via emulating Application program.In step 413, management service 113 can generate the user interface 203 for listing identified application program.

With reference to Fig. 5 A to Fig. 5 C, the exemplary flow chart for another part operation that management service 113 is provided is shown.Especially Ground, Fig. 5 A to Fig. 5 C provide the example of management service 113, need 146 executing application of virtual machine in response to determining and Virtual machine 146 is disposed in client device 106.The flow chart of Fig. 5 A to Fig. 5 C can be considered as depicting in enterprise calculation ring The example for the method realized in border 103.

Since step 503, management service 113 can obtain user's selection to application program.For example, user can select Select the application-specific in multiple application programs that user interface 203 identifies.

In step 506, management service 113 can determine whether virtual machine 146 to execute selected application program. For example, closing rule rule 126 may be required in executing application in virtual machine 146.As another example, virtual machine 146 can It is required with incompatible with the host operating system 136 in client device 106 due to the application program.

If you do not need to 146 executing application of virtual machine, then management service 113 can be moved to step 509 and provide Access to application program.In some instances, management service 113 can determine visitor before providing to the access of application program Family end equipment 106 meets applicable conjunction rule rule 126.

If the determination of management service 113 needs virtual machine 146 to carry out executing application, management service 113 can move To step 513 and determine whether hypervisor 149 is mounted in client device 106.If hypervisor 149 is not Installation, then management service 113 can order Host Administration component 139 install hypervisor 149, as shown at stage 516.This Afterwards, or if hypervisor 149 is already installed in client device 106, management service 113 can be moved to step Rapid 519, this shows in figure 5B.

As shown in step 519, management service 113 can determine whether virtual machine 146 is already installed on client device 106 In.For this purpose, management service 113 can parse the data object of instruction 106 feature of client device, including it is mounted on client and sets Specific components in standby 106.In other examples, it is virtual to determine can to inquire Host Administration component 139 for client device 106 Whether machine 146 is mounted in client device 106.

If virtual machine 146 is simultaneously not installed in client device 106, then management service 113 can generate including The packet of virtual machine packet 163 and virtual machine configuration 166, as shown in step 523.As described above, virtual machine packet 163 may include Hypervisor 149 can be extracted and be installed or assemble and (such as be visited with creating the component in virtual machine 146 and virtual machine 146 Objective operating system 151, managing caller component 153 and application program) one or more files.Virtual machine configuration 166 It can be with the configuration information and restrictive condition of designated virtual machine 146.

In step 526, the packet of generation can be sent to the Host Administration group in client device 106 by management service 113 Part 139.Then, as shown in step 529, management service 113 can indicate that Host Administration component 139 extracts void from the packet of transmission Quasi- machine packet 163 and virtual machine configuration 166.

As shown in step 533, management service 113 can indicate that hypervisor 149 installs extracted virtual machine packet 163 and virtual machine configuration 166.The instruction of installation virtual machine packet 163 may include the finger of installation or assembly virtual machine packet 163 It enables, may include magnetic disk of virtual machine image.In some instances, Host Administration component 139 can be provided instructions to, and Instruction can be transmitted to hypervisor 149 by Host Administration component 139.In other examples, management service 113 can incite somebody to action Instruction is transmitted directly to hypervisor 149 and is used as intermediary without the use of Host Administration component 139.

Then management service 113 can be moved to step 536 and indicate guest operating system 151 by managing caller component 153 are mounted in virtual machine 146.In some instances, which can be provided to Host Administration component 139, and host The instruction can be forwarded to guest operating system 151 by management assembly 139 by hypervisor 149.In other examples, The instruction can be sent directly to guest operating system 151 by management service 113, be forwarded without Host Administration component 139 The instruction.

As shown in step 539, management service 113 can indicate that guest operating system 151 installs the application journey of user's selection Sequence.For this purpose, the installation kit of the application program can be supplied to by management service 113 together with the instruction for executing installation kit Guest operating system 151.In another example, management service 113 can provide designated position to guest operating system 151 The data of (such as uniform resource locator and port numbers), guest operating system 151 can obtain installation kit from the data.For For in example, Host Administration component 139 or managing caller component 153 can be that guest operating system 151 provides instruction to install Application program.After step 539, which can terminate.

As shown in step 519, if virtual machine 146 is already installed in client device 106, management service 113 can To advance to step 543, as shown in Figure 5 C.In step 543, management service 113 may determine whether that change is mounted on virtual machine Virtual machine configuration 166 in performing environment 143.As described above, particular virtual machine configuration file 166 can be based on distributing to The conjunction rule rule 126 of client device 106.If virtual machine configuration 166 is not changed in the determination of management service 113, manage Service 113 can advance to step 549, as shown in the figure.Otherwise, if 113 determination of management service will change virtual machine configuration text Part 166, then management service 113 can be moved to step 546, to generate newer virtual machine configuration and send it to master Machine management assembly 139.

In step 549, management service 113 can identify whether managing caller component 153 is mounted in virtual machine 146.For This, management service 113 can parse the data object for virtual machine 146 or client device 106, and identification is mounted on virtual Component in machine 146.In other examples, management service 113 can be with requesting host management assembly 139 or guest operating system 151 are provided about managing caller component 153 with the presence or absence of the instruction in virtual machine 146.If managing caller component 153 is Installation, then management service 113 can advance to step 556, as shown in the figure.

Otherwise, if management service 113 identifies that managing caller component 153 is not installed in virtual machine 146, clothes are managed Business 113 can be moved to step 553 and indicate that guest operating system 151 installs managing caller component 153.For example, in addition to being used for Guest operating system 151 executes except the instruction of installation kit, and management service 113 can also be that managing caller component 153 provides peace Dress packet.In alternative exemplary, management service 113 can provide guest operating system 151 to guest operating system 151 can be therefrom Obtain the storage location of installation kit.

As shown in step 556, then management service 113 can indicate that guest operating system 151 installs answering for user's selection Use program.For this purpose, management service 113 can provide the installation kit of the application program to guest operating system 151 and execute peace Fill the instruction of packet.In other examples, management service 113 with the storage location of designated mounting packet and download and can execute installation The instruction of packet.

In step 559, then management service 113 can indicate hypervisor 149 so that being held in virtual machine 146 Capable component is appeared to be operated by the natively executed pattern of host operating system 136.In some instances, super Management program 149 can be VMWARE virtualization products, and the instruction can be used for hypervisor 149 with " unified The instruction that pattern (unity mode) " is operated.In other examples, hypervisor 149 can be PARALLELS void Quasi-ization product, and management service 113 can indicate hypervisor 149 with " coherent pattern (coherence mode) " into Row operation.In response to the instruction, hypervisor 149 can hide the console user interface for virtual machine 146, and Cause the user interface for the component in virtual machine 146 that the user interface presented by host operating system 136 is used to be used Formatting and patterned presentation.When hypervisor 149 operates in this mode, which seems user It is locally executed as host operating system that the application program is installed in client device 106 136 times and by it.

With reference to Fig. 6, the exemplary flow chart for the part operation that Host Administration component 139 is provided is shown.Particularly, scheme 6 provide the example that Host Administration component 139 installs hypervisor 149 in client device 106.The flow chart of Fig. 6 It can be considered as depicting the example for the method realized in client device 106.

Since step 603, Host Administration component 139 can determine whether Host Administration component 139 has been obtained for pacifying The order of hypervisor 149 is filled, this can make host operating system 136 install hypervisor 149.Management service 113 can send order so that hypervisor 149 to be installed in Host Administration component 139.If Host Administration component 139 There is no the order of installation hypervisor 149, then process can terminate, as shown in the figure.

If Host Administration component 139 obtains the order of installation hypervisor 149, Host Administration component 139 can It is moved to step 606 and obtains the installation kit of hypervisor 149.In one example, management service 113 can be to host Management assembly 139 provides installation kit.In another example, management service 113 can be to 139 designated mounting of Host Administration component The storage location of packet, and Host Administration component 139 can retrieve installation kit from specified storage location.

After Host Administration component 139 has obtained installation kit, Host Administration component 139 can be operated with requesting host is System 136 executes installation kit, hypervisor 149 is mounted in virtual machine performing environment 143, as shown in step 609.This Afterwards, which can terminate.

With reference to figure 7, the exemplary flow chart for another part operation that Host Administration component 139 is provided is shown.Particularly, Fig. 7 provides Host Administration component 139 so that hypervisor 149 installs virtual machine packet 163 and virtual machine configuration 166 Example.The flow chart of Fig. 7 can be considered as depicting the example for the method realized in client device 106.

Since step 703, Host Administration component 139 determines whether it obtains virtual machine packet 163 and virtual machine configuration File 166.In some instances, management service 113 can provide to Host Administration component 139 and be used as Host Administration component 139 The virtual machine packet 163 individually wrapped and virtual machine configuration 166 that can be extracted.If Host Administration component 139 there is no Virtual machine packet 163 and virtual machine configuration 166, then process can terminate, as shown in the figure.

If Host Administration component 139 obtains virtual machine packet 163 and virtual machine configuration 166, host pipe really Virtual machine packet 163 and virtual machine configuration 166 can be stored in Virtual Machine Management Service device 156 by reason component 139, such as be walked Shown in rapid 706.Particularly, virtual machine packet 163 and virtual machine configuration 166 can be stored in void by Host Administration component 139 In the Virtual Machine Manager data storage 159 of quasi- machine management server 156.

Then, Host Administration component 139 can stored 163 He of virtual machine packet of the installation of order hypervisor 149 Virtual machine configuration 166, as shown in step 709.In some instances, the order may include IP address and port numbers, Indicate that hypervisor 149 can therefrom retrieve the storage location of virtual machine packet 163 and virtual machine configuration 166.Hereafter, mistake Journey can terminate.

With reference to figure 8, another exemplary flow chart for the part operation that Host Administration component 139 is provided is shown.Especially Ground, Fig. 8 is provided so that hypervisor 149 installs the example of the Host Administration component 139 of managing caller component 153.Fig. 8 Flow chart can be considered as depicting the example for the method realized in client device 106.

Since step 803, Host Administration component 139 can determine whether managing caller component 153 being mounted on In virtual machine 146.In some instances, management service 113, which can specify, needs managing caller component 153.In other examples, Host Administration component 139 can identify that conjunction rule rule 126 is specified and need managing caller component 153.

If you do not need to managing caller component 153, then the process can terminate.Otherwise, if necessary to managing caller group Part 153, then Host Administration component 139 can determine managing caller component 153 whether be mounted on virtual machine 146 in, such as step 806 It is shown.For this purpose, Host Administration component 139 can parse data object, indicate which component is mounted in virtual machine 146.

If managing caller component 153 has been installed, which can terminate.Otherwise, if managing caller component 153 It does not install, then Host Administration component 139 can be moved to step 809 and order guest operating system 151 installs managing caller component 153.In one example, Host Administration component 139 can provide the installation of managing caller component 153 to guest operating system 151 Packet and the instruction for executing installation kit.In another example, Host Administration component 139 can order managing caller component 153 Installation kit is obtained from designated position.In some instances, user can be prompted to receive Terms of Use and agree to allow virtual machine 146 It is registered to management service 113.

With reference to Fig. 9, the exemplary flow chart for the part operation that hypervisor 149 is provided is shown.Particularly, scheme 9 provide the example that hypervisor 149 installs virtual machine 146.The flow chart of Fig. 9 can be considered as depicting in client The example for the method realized in equipment 106.

Since step 903, hypervisor 149 can determine whether it obtains the life of installation virtual machine packet 163 It enables.For example, hypervisor 149 can receive a command to installation virtual machine packet 163 from Host Administration component 139.If super Grade management program 149 there is no the order of installation virtual machine packet 163, then the process can terminate.

Otherwise, if hypervisor 149 obtains the order of installation virtual machine packet 163, super management journey really Sequence 149 can obtain the data of the storage location of designated virtual machine packet 163, as seen at step 906.In some instances, host Management assembly 139 can in the form of IP address and port numbers designated storage location.

In step 909, hypervisor 149 can obtain virtual machine packet 163 from designated position.Then, in step 913, if virtual machine packet 163 is virtual machine image, hypervisor 149 can be reflected for example, by installation or loading disk As installing virtual machine packet 163.As a result, virtual machine 146 can be created in virtual machine performing environment 143.Later, which can To terminate.

With reference to figure 10, the exemplary flow chart for another part operation that hypervisor 149 is provided is shown.Especially It is that Figure 10 provides the example that hypervisor 149 installs virtual machine configuration 166.The flow chart of Figure 10 can by regarding To depict the example for the method realized in client device 106.

Since step 1003, hypervisor 149 can determine whether it obtains installation virtual machine configuration 166 order.For example, hypervisor 149 can receive a command to installation virtual machine configuration text from Host Administration component 139 Part 166.If hypervisor 149 there is no the order of installation virtual machine configuration 166, which can tie Beam.

Otherwise, super if hypervisor 149 obtains the order of installation virtual machine configuration 166 really Management program 149 can obtain the data of the storage location of designated virtual machine configuration file 166, as shown in step 1006.One In a little examples, Host Administration component 139 can in the form of IP address and port numbers designated storage location.

In step 1009, hypervisor 149 can obtain virtual machine configuration 166 from specified position.So Afterwards, in step 1013, hypervisor 149 can install virtual machine configuration 166.Hereafter, which can terminate.

With reference to figure 11, the exemplary flow chart for another part operation that hypervisor 149 is provided is shown.Especially Ground, Figure 11 provide the example that hypervisor 149 installs managing caller component 153 in virtual machine 146.Figure 11 can be by It is considered as the example for depicting the method realized in client device 106.

Since step 1103, hypervisor 149 can determine whether it obtains installation managing caller component 153 Order.For example, hypervisor 149 can receive a command to installation managing caller component from Host Administration component 139 153.If hypervisor 149 does not obtain the order of installation managing caller component 153, which can terminate.

In step 1106, hypervisor 149 can obtain the installation kit of managing caller component 153.In some examples In, Host Administration component 139 can provide installation kit.In other examples, managing caller component 153 can obtain designated mounting The data of the storage location of packet, and managing caller component 153 can retrieve installation kit from storage location.

As shown in step 1109, installation kit can be supplied to guest operating system 151 by hypervisor 149.Then, In step 1113, hypervisor 149 can order guest operating system 151 execute the installation kit of managing caller component 153. Hereafter, which can terminate.

With reference to figure 12, the exemplary flow chart for another part operation that hypervisor 149 is provided is shown.Especially Ground, Figure 12 provide the example that hypervisor 149 installs application program in virtual machine 146.The flow chart of Figure 12 can be with It is counted as depicting the example for the method realized in client device 106.

Since step 1203, hypervisor 149 can determine whether it obtains the order of installation application program. For example, hypervisor 149 can receive order to have installed the user of client device 106 from Host Administration component 139 Ask the application program accessed.If hypervisor 149 there is no the order of installation application program, which can be with Terminate.

In step 1206, hypervisor 149 can obtain the installation kit of application program.In some instances, host Management assembly 139 can provide installation kit.In other examples, managing caller component 153 can obtain depositing for designated mounting packet The data that storage space is set, and managing caller component 153 can retrieve installation kit from the storage location.

As shown in step 1209, installation kit can be supplied to guest operating system 151 by hypervisor 149.Then, exist Step 1213, hypervisor 149 can order guest operating system 151 execute the application program installation kit.Later, the mistake Journey can terminate.

Sequence chart and flow discussed above show the example of the function and operation of the realization of component described herein. The component of networked environment 100 described herein can be presented as the combination of hardware, software or hardware and software.If with software body Existing, each step in sequence chart and flow chart can be represented including the computer instruction for realizing specified logic function A part for module or code.Computer instruction may include source code comprising be write with programming language or machine code Human-readable statements, programming language or machine code include can be by suitably executing the system (processing in such as computer system Device) identification machine instruction.If with hardware-embodied, each step can indicate to realize the circuit or more of specified logic function A interconnection circuit.

Although sequence chart discussed above and flow show it is specific execute sequence, execution sequence can be different In shown sequence.For example, can sequentially exchange two or more steps relative to shown in executes sequence.In addition, Two or more steps continuously shown can be performed simultaneously or partially simultaneously.In addition, in some instances, can jump Cross or omit one or more steps shown in flow chart.In addition, in order to enhance practicability, accounting, performance measurement or event Barrier excludes miscellaneous function, can be added to any number of counter, state variable, caution signal or message described herein In logic flow.

Enterprise computing environment 103 and client device 106 may include at least one processing circuit.Such processing circuit May include one or more processors for being coupled to local interface and one or more storage devices.Local interface can be with It include the data/address bus with appended address/controlling bus.

Storage device for processing circuit can be stored and can be executed by one or more processors of processing circuit Data and component.In some instances, management service 113, directory service 116, host operating system 136, Host Administration component 139 and hypervisor 149 can at least partly be stored in one or more storage devices, and can by one Or more processor execute.In addition, business data storage 119 can be located in one or more storage devices.

Component described herein can using hardware, as the component software that can be executed by hardware or as software and hardware The form of combination embodies.If being presented as hardware, component described herein may be implemented as using any suitable hard The circuit or state machine of part technology.This hardware technology includes such as microprocessor, is had for one or more in application The discrete logic circuitry of the logic gate of various logic function, the application-specific integrated circuit with appropriate logic gate are realized when data-signal (ASIC) or programmable logic device, such as field programmable gate array (FPGA) and Complex Programmable Logic Devices (CPLD).

In addition, one or more or more components in the component described herein including software or computer instruction May be embodied in any non-transitory computer-readable medium, for instruction execution system use or it is in connection, for example, Processor in computer system or other systems.Such computer-readable medium can include, storage and maintenance is by instructing Execution system uses or software and computer instruction in connection.

Computer-readable medium may include physical medium, such as magnetic, light, semiconductor or other suitable media. The example of suitable computer-readable medium includes the storage of solid state drive, magnetic driven device, flash memory and such as CD (CD) Disk.In addition, any logic described herein or component can be realized and be constructed in various ways.For example, described one Or more component may be implemented as the module or component of single application program.In addition, described herein one or more Component can be executed in a computing device or be executed by using multiple computing devices.

The example for the realization that example described above illustrates just for the sake of the principle of the disclosure is expressly understood.At this In matter without departing from the disclosure spirit and principle in the case of, many change and modification can be made to above-mentioned example.It is all this A little modifications and variations are intended to be included in the scope of the present disclosure.

Claims (20)

1. a kind of method, including:
The request for representing user's access application is obtained, the request is obtained from client device associated with the user ;
It determines the need for the client device and executes virtual machine, the virtual machine executes the application program;
Identify whether the virtual machine is installed in the client device;And
The virtual machine is set to be installed in the client device.
2. the method as described in claim 1 further includes:
Identify whether the hypervisor of the virtual machine is installed in the client device;And
The hypervisor for being used in the virtual machine is installed in the client device.
3. the method as described in claim 1 further includes that managing caller component is made to be installed in the virtual machine.
4. method as claimed in claim 3, wherein it includes life to make the managing caller component be installed in the virtual machine Enable the guest operating system of the virtual machine that the managing caller component is mounted in the virtual machine.
5. method as claimed in claim 4 further includes providing installation kit to the managing caller component.
6. method as claimed in claim 4, further includes:
The storage location of installation kit is provided to the managing caller component;And
The order that the installation kit is retrieved from the storage location is provided to the managing caller component.
Further include that the hypervisor of virtual machine described in order is held in the virtual machine 7. the method as described in claim 1 It is executed with the pattern for hiding the console of the virtual machine when row application program.
8. a kind of system, including:
Computing device;
Storage device stores the multiple computer instructions that can be executed by the computing device, wherein the multiple computer refers to Order makes the computing device at least:
The request for representing user's access application is obtained, the request is obtained from client device associated with the user ;
It determines the need for the client device and executes virtual machine, the virtual machine executes the application program;
Identify whether the virtual machine is installed in the client device;And
The virtual machine is set to be installed in the client device.
9. system as claimed in claim 8, wherein the multiple computer instruction also makes the computing device at least:
Identify whether the hypervisor of the virtual machine is installed in the client device;And
The hypervisor of the virtual machine is set to be installed in the client device.
10. system as claimed in claim 8, wherein the multiple computer instruction also makes the computing device at least make visitor Management assembly is installed in the virtual machine.
11. system as claimed in claim 10, wherein the multiple computer instruction also makes the computing device at least provide The managing caller component is mounted on the order in the virtual machine.
12. system as claimed in claim 11, wherein the multiple computer instruction also makes the computing device at least to institute It states managing caller component and installation kit is provided.
13. system as claimed in claim 11, wherein the multiple computer instruction also makes the computing device at least:
The storage location of installation kit is provided to the managing caller component;And
The order that the installation kit is retrieved from the storage location is provided to the managing caller component.
14. system as claimed in claim 8, wherein the multiple computer instruction also makes the computing device at least order institute The hypervisor of virtual machine is stated when the virtual machine executes the application program to hide the console of the virtual machine Pattern execute.
15. a kind of non-transitory computer-readable medium, multiple computer instructions that storage can be executed by computing device, wherein institute Stating multiple computer instructions makes the computing device at least:
The request for representing user's access application is obtained, the request is obtained from client device associated with the user ;
It determines the need for the client device and executes virtual machine, the virtual machine executes the application program;
Identify whether the virtual machine is installed in the client device;And
The virtual machine is set to be installed in the client device.
16. non-transitory computer-readable medium as claimed in claim 15, wherein the multiple computer instruction is further Make the computing device at least:
Identify whether the hypervisor of the virtual machine is installed in the client device;And
The hypervisor of the virtual machine is set to be installed in the client device.
17. non-transitory computer-readable medium as claimed in claim 15, wherein the multiple computer instruction is further Making the computing device at least makes managing caller component be mounted in the virtual machine.
18. non-transitory computer-readable medium as claimed in claim 17, wherein the multiple computer instruction also makes institute It states computing device and the order being mounted on the managing caller component in the virtual machine is at least provided.
19. non-transitory computer-readable medium as claimed in claim 18, wherein the multiple computer instruction is further Make the computing device at least:
The storage location of installation kit is provided to the managing caller component;And
The order that the installation kit is retrieved from the storage location is provided to the managing caller component.
20. non-transitory computer-readable medium as claimed in claim 15, wherein the multiple computer instruction is further The computing device is set at least to order the hypervisor of the virtual machine when the virtual machine executes the application program Pattern to hide the console of the virtual machine executes.
CN201780009368.6A 2016-02-09 2017-02-09 The deploying virtual machine of trustship CN108604187A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US15/019,193 US10255092B2 (en) 2016-02-09 2016-02-09 Managed virtual machine deployment
US15/019,193 2016-02-09
PCT/US2017/017207 WO2017139476A1 (en) 2016-02-09 2017-02-09 Managed virtual machine deployment

Publications (1)

Publication Number Publication Date
CN108604187A true CN108604187A (en) 2018-09-28

Family

ID=59496282

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780009368.6A CN108604187A (en) 2016-02-09 2017-02-09 The deploying virtual machine of trustship

Country Status (4)

Country Link
US (1) US10255092B2 (en)
EP (1) EP3365775A4 (en)
CN (1) CN108604187A (en)
WO (1) WO2017139476A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161402B (en) * 2015-04-22 2019-07-16 阿里巴巴集团控股有限公司 Encryption equipment key injected system, method and device based on cloud environment
US10255092B2 (en) * 2016-02-09 2019-04-09 Airwatch Llc Managed virtual machine deployment
EP3270320A4 (en) * 2016-04-25 2018-05-09 Cloudminds (Shenzhen) Robotics Systems Co., Ltd. Method and device for creating virtual machine
US10445007B1 (en) * 2017-04-19 2019-10-15 Rockwell Collins, Inc. Multi-core optimized warm-start loading approach
DE102018112364A1 (en) * 2018-05-23 2019-11-28 Fujitsu Technology Solutions Intellectual Property Gmbh Method for providing application-oriented software and computer system

Family Cites Families (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002075527A2 (en) * 2001-03-19 2002-09-26 Qualcomm Incorporated Dynamically downloading and executing system services on a wireless device
US7165099B2 (en) * 2002-03-15 2007-01-16 Qualcomm Inc. Dynamically downloading and executing system services on a wireless device
US8122106B2 (en) * 2003-03-06 2012-02-21 Microsoft Corporation Integrating design, deployment, and management phases for systems
US8972977B2 (en) * 2004-06-30 2015-03-03 Microsoft Technology Licensing, Llc Systems and methods for providing seamless software compatibility using virtual machines
US7996785B2 (en) * 2004-06-30 2011-08-09 Microsoft Corporation Systems and methods for integrating application windows in a virtual machine environment
US8549513B2 (en) * 2005-06-29 2013-10-01 Microsoft Corporation Model-based virtual system provisioning
US8886865B1 (en) 2006-04-24 2014-11-11 Vmware, Inc. Virtual machine image management using delta trees
US8527982B1 (en) * 2007-01-12 2013-09-03 moka5. Inc. Auto install virtual machine monitor
US20080184216A1 (en) * 2007-01-25 2008-07-31 Johan Muedsam Managing application software in mobile communication devices
US20090077551A1 (en) * 2007-09-18 2009-03-19 Novell, Inc. Virtual machine image builder for automated installation of fully-virtualized operating system
US8161479B2 (en) * 2008-06-13 2012-04-17 Microsoft Corporation Synchronizing virtual machine and application life cycles
US20100138829A1 (en) * 2008-12-01 2010-06-03 Vincent Hanquez Systems and Methods for Optimizing Configuration of a Virtual Machine Running At Least One Process
US20100174894A1 (en) * 2009-01-07 2010-07-08 Lenovo (Singapore) Pte, Ltd. Method, Apparatus, and System for Configuring an Operating System on a Target Computer
US8607224B2 (en) * 2009-05-28 2013-12-10 Yahoo! Inc. System for packaging native program extensions together with virtual machine applications
US8555377B2 (en) * 2010-04-29 2013-10-08 High Cloud Security Secure virtual machine
US9936333B2 (en) * 2010-08-10 2018-04-03 Microsoft Technology Licensing, Llc Location and contextual-based mobile application promotion and delivery
US8959220B2 (en) * 2010-11-02 2015-02-17 International Business Machines Corporation Managing a workload of a plurality of virtual servers of a computing environment
US8966020B2 (en) * 2010-11-02 2015-02-24 International Business Machines Corporation Integration of heterogeneous computing systems into a hybrid computing system
US20120311575A1 (en) * 2011-06-02 2012-12-06 Fujitsu Limited System and method for enforcing policies for virtual machines
US20140032733A1 (en) * 2011-10-11 2014-01-30 Citrix Systems, Inc. Policy-Based Application Management
US20140040979A1 (en) * 2011-10-11 2014-02-06 Citrix Systems, Inc. Policy-Based Application Management
TWI478063B (en) * 2011-11-21 2015-03-21 Inst Information Industry System and method for providing application program utilizing virtual machine and computer readable storage medium storing the method
US8893261B2 (en) * 2011-11-22 2014-11-18 Vmware, Inc. Method and system for VPN isolation using network namespaces
US20130290954A1 (en) * 2012-04-30 2013-10-31 Chia-Chu Sun Dorland Service provider-hosted virtual machine instantiation by hoster user for use by end users
US9317689B2 (en) * 2012-06-15 2016-04-19 Visa International Service Association Method and apparatus for secure application execution
US8756689B2 (en) * 2012-06-29 2014-06-17 Intel Corporation Method, system, and device for securely handling virtual function driver communications with a physical function driver
US8924720B2 (en) * 2012-09-27 2014-12-30 Intel Corporation Method and system to securely migrate and provision virtual machine images and content
GB2507753A (en) * 2012-11-07 2014-05-14 Ibm Dynamic configuration of virtual appliances
GB2513535A (en) * 2012-12-14 2014-11-05 Ibm Software installer with built-in hypervisor
JP6005566B2 (en) * 2013-03-18 2016-10-12 株式会社東芝 Information processing system, control program, and information processing apparatus
US9519513B2 (en) * 2013-12-03 2016-12-13 Vmware, Inc. Methods and apparatus to automatically configure monitoring of a virtual machine
KR20150121902A (en) * 2014-04-22 2015-10-30 삼성전자주식회사 Device for providing virtualization services and method thereof
CN105335207B (en) * 2014-05-29 2019-04-12 国际商业机器公司 Method and apparatus for managing virtual machine instance
US20150378763A1 (en) * 2014-06-30 2015-12-31 Vmware, Inc. Methods and apparatus to manage monitoring agents
WO2016018098A1 (en) * 2014-07-31 2016-02-04 Samsung Electronics Co., Ltd. Mobile device and method of executing application based on particular zone
US20160080474A1 (en) * 2014-09-16 2016-03-17 Amazon Technologies, Inc. Instance backed mobile devices
US20160085765A1 (en) * 2014-09-22 2016-03-24 Amazon Technologies, Inc. Computing environment selection techniques
US9286102B1 (en) * 2014-11-05 2016-03-15 Vmware, Inc. Desktop image management for hosted hypervisor environments
JP2016103144A (en) * 2014-11-28 2016-06-02 富士通株式会社 Virtual machine deployment method, virtual machine deployment program and virtual machine deployment system
US20160246583A1 (en) * 2015-02-25 2016-08-25 Red Hat Israel, Ltd. Repository manager
US9727324B2 (en) * 2015-05-22 2017-08-08 VMware. Inc. Application management in enterprise environments using cloud-based application recipes
CN105100191B (en) * 2015-05-22 2018-09-21 华为技术有限公司 The method, apparatus and system of Java application installations are realized in a kind of cloud compiling
US9720710B2 (en) * 2015-08-18 2017-08-01 Raytheon, Inc. Dynamically provisioning, managing, and executing tasks
US10255092B2 (en) * 2016-02-09 2019-04-09 Airwatch Llc Managed virtual machine deployment

Also Published As

Publication number Publication date
EP3365775A1 (en) 2018-08-29
EP3365775A4 (en) 2019-10-02
US20170228245A1 (en) 2017-08-10
US10255092B2 (en) 2019-04-09
WO2017139476A1 (en) 2017-08-17

Similar Documents

Publication Publication Date Title
Guo et al. A framework for native multi-tenancy application development and management
US8171485B2 (en) Method and system for managing virtual and real machines
US8572709B2 (en) Method for managing shared accounts in an identity management system
US8141075B1 (en) Rule engine for virtualized desktop allocation system
CN105247531B (en) Managed browser is provided
Von Laszewski et al. Comparison of multiple cloud frameworks
Badger et al. Cloud computing synopsis and recommendations
US9626526B2 (en) Trusted public infrastructure grid cloud
CN107506620B (en) Application market manages control
US8695075B2 (en) System and method for discovery enrichment in an intelligent workload management system
US20090119779A1 (en) License activation and management
US20110004564A1 (en) Model Based Deployment Of Computer Based Business Process On Dedicated Hardware
CN104508627B (en) Mix cloud environment
US20120089666A1 (en) Virtual workplace environments
Jamsa Cloud computing
CN105247830B (en) Mobile device management function is provided
CN105247526B (en) Enterprise is provided and applies shop
US20110225467A1 (en) Starting virtual instances within a cloud computing environment
US8984104B2 (en) Self-moving operating system installation in cloud-based network
De Chaves et al. Toward an architecture for monitoring private clouds
Hu et al. A review on cloud computing: Design challenges in architecture and security
US9043458B2 (en) Framework for facilitating implementation of multi-tenant SaaS architecture
ES2548302T3 (en) Method and system to simplify the management of distributed servers
US20130013738A1 (en) Multitenant hosted virtual machine infrastructure
US8458658B2 (en) Methods and systems for dynamically building a software appliance

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination